VoIP SIP telephone, static-route.

Peeter

I'm using the PFsense 1.0 BETA 1.

Is it possible to enable the pf "static-port" option in the NAT-rule?

This is needed to get a VoIP SIP telephone working.

as for now the outgoing port is translated and confuses the SIP-server.

I need it to be like. for example..

ip_phone:3300 -> NAT_router:3300 -> server:port

and not

ip_phone:3300 -> NAT_router:dynamicport -> server:port

When using PF under freeBSD/OpenBSD I just added "static-port" to the NAT rule to get it working.
But I don't find that option anywhere in PFSense.

Superman

As mentioned in a few other posts on the same/similar topic you can download the latest snapshot here:

http://www.pfsense.org/~sullrich/?M=D (These aren't officially supported, thus not announced on the forum or website.)

Or you could download the Developers Edition and compile your own. Here: http://wiki.pfsense.com/wikka.php?wakka=VMWareDevelopersEdition

It has the static port option in the Advanced Outbound NAT which should handle what you're looking for!

Peeter

Thank you!

That solved the problem.

Just had a few issues to solve to get the upgrade to work because i've installed on a CF-card and changed the platform to wrap and that platform wasn't upgradable from the image files.
I changed the platform back to pfSense, upgraded. And then back to wrap again, it seemed like the config-file was corrupted.

I did a reset and reentered all the settings (I never did a config backup before upgrading. my fault).

And now it seems to work perfectly :)

Gronis

I run pfsense and have VoIP from Tele2 and i live in sweden. I run the lastes testbeta, but i cant get my VoIP to work i have applayed advanced outbound NAT and open all the ports that it need under  nat - > port forwing  do i need to do anymore stuf before it works? or i´m scruewd ?

pleas need help i realy like pfsense and whant to run it

before i did run IPCop and the all stuf did work

intenso

Ive got the same problem as Gronis, same VoIP provider and the same pfSense version.
Ive tried the static route option but that didnt solve the problem, the connection nerver get "established" instead it only get to "SINGLE:NO_TRAFFIC". :o
The static portmapping works but some how the SIP box wont full fill the connection to the server (or the other way around). The VoIP provider have given me all the ports that I need to open and Ive configuerd them in pfS, and I know that they are correct beacuse I use similary forward rules on my Linux box.
Some help on this topic would be verry appreciated!

intenso

OK, I got it working.. dunno how but it works!  ;D
I have static routes enabled, odd beacuse I had the same config yeasterday but it wouldnt work.

BTW, tnx for a great firewall!

soft0

@intenso:

OK, I got it working.. dunno how but it works!  ;D
I have static routes enabled, odd beacuse I had the same config yeasterday but it wouldnt work.

BTW, tnx for a great firewall!

Hey!
Could i see what your static route looks like?

micke

how do i setup staticroute for my voip-phone (tele2) ? ,i have NAT rules UDP 5060-5061 and UDP 10000-10007,
and i cant still get it to work. (according to tele2support thats all i need).

sullrich

Advanced outbound NAT.

This has been covered umpteen times here in the forum.

hoba

And to stop the confusion, you need a static port, not a static route.

micke

i've spend lots of time to figure how to get it to work. only progress is still that i managed to call from my voipphone to
my mobile and it was only one directioncall ..  :-\

i've advanced outbound NAT and static port activated for the ports.

states show:

Proto    Source -> Router -> Destination    State     
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:3478 <- 192.168.0.244:5060 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE

192.168.0.244 is my voip.

Firewall: NAT: Outbound shows:

Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN  192.168.0.0/24 5060 192.168.0.244/32 5060 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 5061 192.168.0.244/32 5061 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 3478 192.168.0.244/32 3478 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 3479 192.168.0.244/32 3479 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10000 192.168.0.244/32 10000 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10001 192.168.0.244/32 10001 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10002 192.168.0.244/32 10002 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10003 192.168.0.244/32 10003 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10005 192.168.0.244/32 10005 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10006 192.168.0.244/32 10006 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10007 192.168.0.244/32 10007 * *
YES
tele2

and i do not have any rules on "Firewall: NAT: Port Forward" for the phone,exept rules for dc++ and games
that i play online that works exelent!!

hoba

As you can see from the state table your static port doesn't work:

@micke:

Proto    Source -> Router -> Destination    State     
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC

Just create a single rule on top of your advanced outbound NAT rules for source IP-phone, destination any, static port. Save and apply. After that reset states at diagnostics>ststes, reset states to make the phone recreate the states with the static port.

micke

thanx for fast reply ,almost there..  :o
the phone still doesnt work but the states looks better ,heh ..

udp  192.168.0.244:3478 -> 83.233.97.165:3478 -> 130.244.125.91:3478  MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 192.168.0.244:3478 -> 130.244.125.130:3479 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE
udp 130.244.125.130:3479 <- 192.168.0.244:3478 NO_TRAFFIC:SINGLE

anyone with tele2/sweden who can post some info? , i dont want to go back to my zyxelrouter ,due
the autonegationproblem i have with my ISP (bb2 100mbit full duplex) ,when i only get worthless speed.  :'(

hoba

Which direction does not work? incoming or outgoing?

micke

outgoing works occasionally .. incoming never ..

i read somwere that 1:1 nat could help ?!?  or upnp ??

-i'm thinking of to get another nic and run with a raisercard a dmz or something like that,
is that possible to get it run easier? (currently i have via-miniitx nehemiah mobo) +hp procurve switch

hoba

static port does something similiar to 1:1 nat (at least when it comes to the natting). Does your phone use STUN and does your provider support it? SIP providers handle things very different. Some use STUN, some use a proxy at their end that rewrites ports/IPs to the IPs that the server sees and not the info that is inside the voip packages, others don't use any of these mechanisms which can lead to serious problems behind NATs. SIP and NAT are not good friends in general.

micke

:D  ,yes..  it works now ,i dont know really how ,but i installed miniupnpd package.
thx for all , pfsense roxx .

Gronis

Dose this work now? I going to trye PF agin i fhink but i need to now that the tele2 voip works.

micke

yes ,tele2 works.  =D